[Dshield] Is this legit?

Johan Denoyer jdenoy at digital-connexion.info
Tue Jul 29 14:43:21 GMT 2003


Doubt that it is real, as their website has been suspended for unpaid
bill! Everyone watch out if you asked for a copy... Seems like something
weird to watch for....

Regards,

Johan Denoyer
jdenoy at digital-connexion.info
Digital Connexion
http://www.digital-connexion.info
GPG/PGP : 0xCC8F2C49

"There are only 10 kinds of people. Those who understand binary,
and the others."

Jon R. Kibler said:
> Greetings:
>
> This was in my inbox this morning. At first I thought it was pure junk
> spam, but after reading it I am not sure whether it is something real or
> not. Does anyone know anything about this organization?
>
> I was also wondering how I got on their mailing list... anyone else get
> this? And if it is from a legit organization, why advertise via bulk
> email?
>
> I will say that the detailed mail headers seem to indicate this at least
> originated from phsecurity.com. I got brave and opened the PDF attachment
> on an isolated and secure system, and it looked like a real "glossy"
> technical spec someone would publish.
>
> Thanks in advance for your feedback.
>
> Jon Kibler
> A.S.E.T., Inc.
> Charleston, SC  USA
>
>
> info at phsecurity.com wrote:
>>
>> -----Original Message-----
>> From: info at phsecurity.com [mailto:info at phsecurity.com]
>> Sent: Sunday, July 27, 2003 10:18 PM
>> Subject: Unfortunately, the days of BOF exploit will be numbered
>>
>> Hi, there:
>>
>> fulldisclosure at catholic.org just disclosed the working version of
>> 03-026. We have checked it out. Without question, the code is great and
>> working.
>>
>> But the problem of the code is that it was easily captured, on the spot
>> by Win-Trap, without the need for signature updating and/or complicated
>> rules. Notice the successful sessions were trapped by Win-Trap, but
>> intentionally let go while the "Exploit appeared to have failed" messages
>> just meant that Win-Trap refused the exploit code to play along.
>> Unfortunately, single DoS might exist when attacked even with Win-Trap
>> protection. Hey, that is much better than allowing the malicious code to
>> play happily, right? Please check
>> http://www.phsecurity.com/pdf/DCOM-Report.pdf for a full document.
>>
>> Considering the fact that the DCOM-RPC exploit code has been released in
>> the wild, we will release our basic version of Win-Trap as a shareware
>> soon. At the same time, if you are interested, please drop us a line to
>> request it before we make it downloadable without jamming our site.
>>
>> The development for the DCOM-RPC exploit is just the assumption in our
>> article titled "The current method against BOF exploit is NOT working".
>> (http://www.phsecurity.com/pdf/CurrentMethodIsNotWorking.pdf). The
>> article suggests that the patch itself is the vulnerability since it
>> gives out clues to what the patch is about. With the reverse tools like
>> "exediff" program, a program to list the differences between two
>> executables with minor differences in source code, one can easily figure
>> out where the vulnerability is. So, a patch is a temporary solution and
>> could be a beginning of nightmares (because of the un-patched vulnerable
>> population of networked computers out there).
>>
>> What is the best solution against BOF exploitation in general? The
>> answer is to secure the operating system core itself! Win-Trap provides
>> the protection against malicious code exploiting buffer overflow, either
>> stack based or heap-based, and against malicious programs such as
>> W32.Bugbear and W32.SoBig etc.
>>
>> With Win-Trap technology conceived, implemented and deployed,
>> (incorporated into OS), then the days of BOF exploitation will be
>> numbered. Critical warnings might not have to be released week after
>> week. Please read http://www.phsecurity.com/pdf/BOF-Exploit.pdf for our
>> arguments.
>>
>> Do enjoy the remaining days of exploit code and realize that a new day
>> for protection against BOF exploit has arrived.
>>
>> Please email info at phsecurity.com to request the basic version of
>> Win-Trap before we put it up on Simtel or elsewhere.
>>
>> PH Security
>> http://www.phsecurity.com/
>>
>>
>> Attachment: WinTrapSpecifications.pdf
>>     Name: WinTrapSpecifications.pdf
>>     Type: Acrobat (application/pdf)
>>     Encoding: base64
>



